Editor’s Note: The article has been updated with references to Huobi removed after representatives confirmed
A wallet associated with this week’s $31 million Tether hack has been linked to previous bitcoin exchange thefts numbering in the tens of thousands of bitcoins.
As CCN reported, the Tether development team revealed yesterday that its hot wallet had been hacked for $31 million in USDT, an Omni-based token that is pegged to the U.S. dollar at a one-to-one ratio.
Reddit user SpeedflyChris began looking into the bitcoin addresses associated with the theft, and using WalletExplorer — a smart Bitcoin block explorer that groups individual addresses into clusters to identify likely wallet ownership — he discovered a link between the wallet used to empty the Tether address and the wallets that had been used during the 2015 hacks of bitcoin exchange Bitstamp.
Apparently, the address that had been used during the Tether hack had received .01 BTC shortly before the hack. The sender of that transaction had recently received coins from this wallet, which was created in 2015. This is where things start to get interesting.
This same wallet was first used to steal more than 18,500 BTC — worth $5 million then but more than $150 million today — from Bitstamp in January 2015.
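The tracing described above, sketched as an added example that is not part of the original article or WalletExplorer's code: addresses are grouped with the common-input-ownership heuristic (an assumption, since the article does not say which heuristic WalletExplorer applies), then funding is followed backward from the theft address until a tagged cluster appears. All addresses, transactions and tags are constructed.

```python
from collections import deque

# Constructed sample data, not real chain data: (txid, input addrs, output addrs).
TXS = [
    ("t1", ["old_a", "old_b"], ["old_c"]),        # co-spend: one owner
    ("t2", ["old_b", "old_c"], ["mid_1"]),        # 2015-era wallet pays an intermediary
    ("t3", ["mid_1"], ["theft_addr", "mid_2"]),   # small fee-funding payment
    ("t4", ["victim_hot"], ["theft_addr"]),       # stolen funds arrive
    ("t5", ["other_1", "other_2"], ["other_3"]),  # unrelated activity
]
TAGS = {"old_a": "2015 theft cluster (constructed tag)"}  # old_a never pays mid_1 itself

def cluster_addresses(txs):
    """Union-find: all inputs of one transaction are merged into one cluster."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a
    for _, ins, outs in txs:
        for a in ins + outs:
            find(a)                        # register every address
        for a in ins[1:]:
            parent[find(a)] = find(ins[0])
    return {a: find(a) for a in list(parent)}

def trace_back(txs, cluster_of, start, max_hops=3):
    """Breadth-first walk from start's cluster to the clusters that funded it."""
    funders = {}
    for _, ins, outs in txs:               # assumes each tx has at least one input
        src = cluster_of[ins[0]]
        for out in outs:
            if cluster_of[out] != src:
                funders.setdefault(cluster_of[out], set()).add(src)
    hops, queue = {cluster_of[start]: 0}, deque([cluster_of[start]])
    while queue:
        c = queue.popleft()
        if hops[c] < max_hops:
            for f in sorted(funders.get(c, ())):
                if f not in hops:
                    hops[f] = hops[c] + 1
                    queue.append(f)
    return hops

def tagged_hits(txs, tags, start, max_hops=3):
    """Map each known tag to the hop distance at which its cluster funded start."""
    cluster_of = cluster_addresses(txs)
    hops = trace_back(txs, cluster_of, start, max_hops)
    by_cluster = {cluster_of[a]: t for a, t in tags.items() if a in cluster_of}
    return {by_cluster[c]: h for c, h in hops.items() if c in by_cluster}
```

The tag sits on `old_a`, which never pays the intermediary directly, so the link to `theft_addr` only surfaces because clustering merges it with `old_b` and `old_c`.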
SpeedflyChris told CCN that he stumbled upon the link between the hacks by accident.
“I actually wasn’t looking for it at all which is the crazy thing. It looks like they transferred 0.01BTC to the wallet they were going to move the 30 million tethers to several hours before, presumably so that they would have BTC in the wallet to pay the fees to move those stolen tethers afterwards. In the end the Tether wallet had a little over 5BTC which they took as well so they actually didn’t need to do that at all,” he said.
He said that what surprised him most about the Tether hack is how brazen the hacker was about linking wallets used in multiple hacks together, irrespective of the powerful blockchain analytics tools that can be used to unmask wallet owners. Amazingly, he also linked these wallets to a series of LocalBitcoins transactions, meaning that whoever was using this LocalBitcoins address in 2015 is almost certainly the hacker.
“Bizarrely, they transferred those coins over using a wallet linked to the Bitstamp hack, which led me down the rabbit hole somewhat and from there all of the transactions fell into place. Then, if you look at how the Bitstamp and Huobi funds [Editor’s Note: the latter has now confirmed there was no hack] were moved around afterwards they went to the same wallets, and were then split up with a lot of the coins being moved to BTC-e mostly in batches of 1000. 1000BTC of it was passed through a wallet that had previously been used for depositing at LocalBitcoins as well months prior,” he continued.
Consequently, he believes that the hacker — who has now apparently stolen at least $250 million worth of funds in today’s dollars — is “not particularly concerned about chain analysis, or they’re just totally ignorant of how powerful a tool it is.”
Last modified (UTC): November 22, 2017 1:40 PM